Financial-Times / splunk-heroku

Support for Heroku log drains packaged as a Splunk app.
https://tech.in.ft.com/tech-topics/logging/splunk/logging-from-heroku
MIT License

Add fields for the Change Splunk CIM #44

Closed sjparkinson closed 2 years ago

sjparkinson commented 2 years ago

Resolves #40.

Adds a whole bunch of fields based on https://docs.splunk.com/Documentation/CIM/5.0.1/User/Change.

Screenshots

The "Change" dataset in Splunk after adding these fields:

[Image: Screenshot 2022-08-08 at 16 03 25]

sjparkinson commented 2 years ago

@edwardgoat, this should provide good coverage for Heroku, I think, for Splunk Enterprise Security.